04/05/2005 10:46 4073437587 FAX PAGE 02



PROPOSED DRAFT of Amendments to Claim 1
With Markings: (version without markings provided below, for convenience) 

1 Claim 1 (currently amended): In a computing environment having a plurality of secure network

2 connections coiiniiUiuii tu a uUwuib, a computer program product for securely propagating

3 security credentials using a trusted master registry, the computer program product embodied on

4 one or more computer-readable media and comprising:

5 computer-readable program code means for establishing a secure connection between a

6 client and a password synchronization agent ("PSA");

7 computer-readable program code means for receiving, at the PSA by a password

8 synchronization agent ("PSA") from a user at a [[the]] client device over [[the]] a first mutually-

9 authenticated secure connection between the client device and the PSA, a password propagation

10 request providing an identifier of [[a]] the user and an identifying secret of the user during

11 propagation request processing;

12 computer-readable program code means for validating the user with the forwarding, by

13 the PSA to a trusted master registry over a second mutually-authenticated secure connection

14 therebetween, [[using]] the received user identifier and identifying secret, uu icqiK.il of the PSA

15 wherein the trusted master registry stores identifying secrets for user identifiers only as secured,

16 non-recoverable versions thereof;

17 computer-readable program code means for receiving, by the PSA from the trusted master

18 registry over the second mutually-authenticated secure connection, a validation result created by

19 the trusted master registry responsive to the forwarding, the validation result being a successful

20 result if it indicates that the trusted master registry had previously stored, for the user identifier, a

1 secured version of the identifying secret; and

2 computer-readable program code means for propagating, if the validation result is the

3 successful result, the received user identifier and identifying secret of the user directly from the

4 PSA to one or more target registries if the validation succeeds over third mutually-authenticated

5 connections, each of the third connections being between the PSA and a distinct one of the target

6 registries, such that each target registry can store, for the user identifier, a secured version of the

7 identifying secret, wherein the secured version at the target registries is not required to be

8 identical to the secured version stored by the trusted master registry.

Without Markings: 

1 Claim 1 (as amended): In a computing environment having a plurality of secure network 

2 connections, a computer program product for securely propagating security credentials using a 

3 trusted master registry, the computer program product embodied on one or more computer- 

4 readable media and comprising: 

5 computer-readable program code means for receiving, by a password synchronization 

6 agent ("PSA") from a user at a client device over a first mutually-authenticated secure connection 

7 between the client device and the PSA, a password propagation request providing an identifier of 

8 the user and an identifying secret of the user; 

9 computer-readable program code means for forwarding, by the PSA to a trusted master 

10 registry over a second mutually-authenticated secure connection therebetween, the received user 

11 identifier and identifying secret, wherein the trusted master registry stores identifying secrets for 

12 user identifiers only as secured, non-recoverable versions thereof; 

1 computer-readable program code means for receiving, by the PSA from the trusted master

2 registry over the second mutually-authenticated secure connection, a validation result created by 

3 the trusted master registry responsive to the forwarding, the validation result being a successful 

4 result if it indicates that the trusted master registry had previously stored, for the user identifier, a 

5 secured version of the identifying secret; and 

6 computer-readable program code means for propagating, if the validation result is the 

7 successful result, the received user identifier and identifying secret from the PSA to one or more 

8 target registries over third mutually-authenticated connections, each of the third connections 

9 being between the PSA and a distinct one of the target registries, such that each target registry 

10 can store, for the user identifier, a secured version of the identifying secret, wherein the secured

11 version at the target registries is not required to be identical to the secured version stored by the

12 trusted master registry. 



Respectfully submitted, 





ia L. Doubet 
Attorney for Applicants 
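
The flow recited in claim 1 (as amended), sketched as an added Python example; it is not part of the faxed draft or of the applicants' implementation. Class names, registry names, the PBKDF2 parameters and the sample secret are assumptions, and the three mutually-authenticated connections are assumed rather than modelled.

```python
import hashlib
import hmac
import os

def make_kdf(algo, rounds):
    """Return a salted one-way function; each registry may use its own."""
    return lambda secret, salt: hashlib.pbkdf2_hmac(algo, secret, salt, rounds)

class Registry:
    """Keeps only a salted, non-recoverable version of each identifying secret."""
    def __init__(self, name, kdf):
        self.name, self.kdf, self.store = name, kdf, {}

    def set_secret(self, user, secret):
        salt = os.urandom(16)
        self.store[user] = (salt, self.kdf(secret.encode(), salt))

    def validate(self, user, secret):
        # Unknown users still cost one derivation, so timing does not reveal them.
        salt, digest = self.store.get(user, (b"\0" * 16, b""))
        candidate = self.kdf(secret.encode(), salt)
        return user in self.store and hmac.compare_digest(candidate, digest)

class PSA:
    """Password synchronization agent: validate at the master, then propagate."""
    def __init__(self, master, targets):
        self.master, self.targets = master, targets

    def handle_request(self, user, secret):
        # Connections to client, master and targets are assumed already authenticated.
        if not self.master.validate(user, secret):
            return []  # failed validation: the secret is not propagated
        for target in self.targets:
            target.set_secret(user, secret)  # each target secures it its own way
        return [t.name for t in self.targets]

if __name__ == "__main__":
    # Constructed sample data: registry names and the secret are illustrative.
    master = Registry("master", make_kdf("sha256", 50_000))
    targets = [Registry("directory", make_kdf("sha512", 50_000)),
               Registry("legacy-host", make_kdf("sha384", 20_000))]
    master.set_secret("alice", "constructed-sample-secret")
    psa = PSA(master, targets)
    print(psa.handle_request("alice", "wrong-guess"))
    print(psa.handle_request("alice", "constructed-sample-secret"))
```

Because the targets derive their own salted versions, the PSA is the only component that holds the plaintext secret in transit, which is why the claim conditions propagation on the master's validation result.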